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EXAMINER'S AMENDMENT 

1 . An examiner's amendment to the record appears below. Should the 
changes and/or additions be unacceptable to applicant, an amendment may be 
filed as provided by 37 CFR 1 .312. To ensure consideration of such an 
amendment, it MUST be submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone 
interview with Brian R Drozd on June 16, 2009. 

In the claims : 

This listing of claims will replace all prior versions and listings of claims in 
the application. 

1 . (Currently Amended) A method of managing operational risk for an 
organization, the method comprising: 

identifying at least one failure mode for a function of the organization; 

identifying at least one cause and at least one effect for at least one of the 
at least one failure mode; 

acquiring ratings associated with the at least one cause and the at least 
one effect; 

permuting the at least one failure mode, the at least one cause, and the at 
least one effect to define at least two risk items; and 
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producing a risk prioritization report of the at least two risk items based at 
least in part on the ratings associated with the at least one cause and the at least 
one effect , the ratings comprising: 

a severity rating and a response rating associated with each 
of the at least one effect: and 

an occurrence rating and a detection rating associated with 
each of the at least one cause: and 
wherein the acquiring, permuting and producing steps are performed by a 
computer: and 

wherein the producing of the risk prioritization report comprises: 

calculating a criticalitv based on the severity rating and the 
occurrence rating: 

calculating a risk priority number based on the severity rating, the 
occurrence rating and the detection rating: and 

calculating an adjusted criticalitv based on the criticalitv, the 
severity rating, and the response rating, 

wherein the calculating steps are performed by a computer . 

2. (Original) The method of claim 1 further comprising: 
recording a mitigation plan associated with at least one of the at least two 
risk items in the risk prioritization report; and 

tracking implementation of the mitigation plan. 
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3-4. (Cancelled) 

5. (Currently Amended) The method of claim 1_[[4]] further comprising: 
determining whether the at least one effect is related to at least one of a 

group consisting of compliance and strategic planning; 

wherein the producing of the risk prioritization report further comprises 

determining whether each of the at least two risk items represents at least one of 

a group consisting of a compliance related risk, a strategic planning related risk, 

a hidden factory, and a tail event. 

6-8. (Cancelled) 

9. (Original) The method of claim 1 further comprising: 
acquiring failure mode likelihoods associated with the at least one 

failure mode for the function; and 

validating the ratings using the failure mode likelihoods. 

10. (Original) The method of claim 2 further comprising: 
acquiring failure mode likelihoods associated with the at least one 

failure mode for the function; and 

validating the ratings using the failure mode likelihoods. 



11-12. (Cancelled) 
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13. (Original) The method of claim 1 further comprising validating the 
ratings using historical data. 

14-16. (Cancelled) 

17. (Original) The method of claim 1 wherein the producing of the risk 
prioritization report further comprises quantifying at least some of the risk items 
based on financial data. 

18. (Original) The method of claim 5 wherein the producing of the risk 
prioritization report further comprises quantifying at least some of the risk items 
based on financial data. 

19-20. (Cancelled) 

21 . (Original) The method of claim 1 further comprising determining a 
stability ratio, wherein the stability ratio represents a comparison of one of a 
number of priority risk items and a number of non-priority risk items to a total 
number of risk items. 

22. (Original) The method of claim 2 wherein the method further 
comprises determining a stability ratio, wherein the stability ratio represents a 
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comparison of one of a number of priority risk items and a number of non-priority 
risk items to a total number of risk items and the tracking of the implementation of 
the mitigation plan further comprises tracking a stability ratio. 

23. (Currently Amended) A computer program product comprising a 
computer readable medium with a computer program embodied therein for 
facilitating risk assessment and control for an organization, the computer 
program comprising: 

instructions for identifying failure modes for at least one function of the 
organization; 

instructions for identifying at least one cause and at least one effect for 
each failure mode; 

instructions for acquiring ratings associated with the at least one cause 
and the at least one effect; 

instructions for permuting the failure modes, the at least one cause, and 
the at least one effect to define risk items; and 

instructions for producing a risk prioritization report of the risk items based 
at least in part on the ratings associated with the at least one cause and the at 
least one effect for each failure mode , the ratings comprising: 

a severity rating and a response rating associated with each 
of the at least one effect; and 

an occurrence rating and a detection rating associated with 
each of the at least one cause, and 
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wherein the instructions for producing the risk prioritization report 
comprises: 

instructions for calculating a criticality based on the severity rating 
and the occurrence rating; 

instructions for calculating a risk priority number based on the 
severity rating, the occurrence rating and the detection rating; and 

instructions for calculating an adjusted criticality based on the 
criticality, the severity rating, and the response rating . 

24. (Original) The computer program product of claim 23 wherein the 
computer program further comprises: 

instructions for recording a mitigation plan associated with at least one of 
the risk items in the risk prioritization report; and 

instructions for tracking implementation of the mitigation plan. 

25-26. (Cancelled) 

27. (Currently Amended) The computer program product of claim 23 
[[26]] wherein the computer program further comprises: 

instructions for determining whether the at least one effect is related to at 
least one of a group consisting of compliance and strategic planning; 

wherein the instructions for producing of the risk prioritization report further 
comprise instructions for determining whether each of the risk items represents 
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at least one of a group consisting of a compliance related risk, a strategic 
planning related risk, a hidden factory, and a tail event. 

28-30. (Cancelled). 

31 . (Original) The computer program product of claim 23 wherein the 
computer program further comprises: 

instructions for acquiring failure mode likelihoods associated with the at 
least one failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

32. (Original) The computer program product of claim 24 wherein the 
computer program further comprises: 

instructions for acquiring failure mode likelihoods associated with the at 
least one failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

33-34. (Cancelled) 

35. (Original) The computer program product of claim 23 wherein the 
computer program further comprises instructions for validating the ratings using 
historical data. 
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36-38. (Cancelled) 

39. (Original) The computer program product of claim 23 wherein the 
instructions for producing the risk prioritization report further comprise 
instructions for quantifying at least some of the risk items based on financial data. 

40. (Original) The computer program product of claim 27 wherein the 
instructions for producing the risk prioritization report further comprise 
instructions for quantifying at least some of the risk items based on financial data. 

41-42. (Cancelled) 

43. (Original) The computer program product of claim 23 wherein the 
computer program further comprises instructions for determining a stability ratio, 
wherein the stability ratio represents a comparison of one of a number of priority 
risk items and a number of non-priority risk items to a total number of risk items. 

44. (Original) The computer program product of claim 24 wherein the 
computer program further comprises instructions for determining a stability ratio, 
wherein the stability ratio represents a comparison of one of a number of priority 
risk items and a number of non-priority risk items to a total number of risk items 
and the instructions for tracking the implementation of the mitigation plan further 
comprise instructions for tracking a stability ratio. 
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45. (Currently Amended) Apparatus for facilitating risk management for 
an organization, the apparatus comprising: 

a computing platform : 

means for identifying failure modes for at least one function of the 
organization; 

means for identifying at least one cause and at least one effect for each 
failure mode; 

means for acquiring ratings associated with the at least one cause and the 
at least one effect; 

means for permuting the failure modes, the at least one cause, and the at 
least one effect to define risk items; and 

means for producing a risk prioritization report of the risk items based at 
least in part on the ratings associated with the at least one cause and the at least 
one effect for each failure mode , the ratings comprising: 

a severity rating and a response rating associated with each 
of the at least one effect: and 

an occurrence rating and a detection rating associated with 
each of the at least one cause; and 
wherein the means for producing the risk prioritization report comprises: 
means for calculating a criticalitv based on the severity rating and 
the occurrence rating; 
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means for calculating a risk priority number based on the severity 
rating, the occurrence rating and the detection rating; and 

means for calculating an adjusted criticality based on the criticality, 
the severity rating, and the response rating . 



46. (Original) The apparatus of claim 45 further comprising: 
means for recording a mitigation plan associated with at least one of the 
risk items in the risk prioritization report; and 

means for tracking implementation of the mitigation plan. 



47. (Original) The apparatus of claim 45 further comprising: 
means for acquiring failure mode likelihoods associated with the at least 
one failure mode for the function; and 

means for validating the ratings using the failure mode likelihoods. 



48. (Original) The apparatus of claim 46 further comprising: 
means for acquiring failure mode likelihoods associated with the at least 
one failure mode for the function; and 

means for validating the ratings using the failure mode likelihoods. 



49. (Original) The apparatus of claim 45 further comprising means for 
validating the ratings using historical data. 
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50. (Original) The apparatus of claim 46 further comprising means for 
validating the ratings using historical data. 

51 . (Original) The apparatus of claim 47 further comprising means for 
validating the ratings using historical data. 

52. (Original) The apparatus of claim 48 further comprising means for 
validating the ratings using historical data. 

53. (Original) The apparatus of claim 45 further comprising means for 
determining a stability ratio, wherein the stability ratio represents a comparison of 
one of a number of priority risk items and a number of non-priority risk items to a 
total number of risk items. 

54. (Currently Amended) A system for facilitating risk assessment and 
control for an organization comprising: 

a computing platform having computer program code embodied therein, 
the computer program code comprising: 

at least one analysis module to identify causes and effects associated with 
failure modes of at least one function of the organization and acquire ratings 
associated with the causes and effects; 
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at least one data store operationally connected to at least some of the at 
least one analysis module to store failure modes, causes, effects, and ratings; 
and 

at least one calculation module operationally connected to the at least one 
data store to permute the failure modes, causes and effect to define risk items 
and produce a risk prioritization report of the risk items based at least in part on 
the ratings , wherein the ratings comprise: 

a severity rating and a response rating associated with each effect: 

and 

an occurrence rating and a detection rating associated with each 

cause, and 

wherein the at least one calculation module is operable to calculate a 
criticality based on the severity rating and the occurrence rating, a risk priority 
number based on the severity rating, the occurrence rating and the detection 
rating, and an adjusted criticality based on the criticality, the severity rating, and 
the response rating . 

55-56. (Cancelled) 

57. (Currently Amended) The system of claim 54 [[56]] wherein the at 
least one calculation module is operable to determine whether each of the risk 
items represents at least one of a group consisting of a compliance related risk, a 
strategic planning related risk, a hidden factory, and a tail event. 
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58. (Original) The system of claim 54 further comprising a data 
validation module operationally connected to the at least one data store, the data 
validation module operable to validate ratings at least in part using historical 
data. 

59. (Original) The system of claim 54 further comprising a risk data 
quantification module operationally connected to the at least one data store, the 
risk data quantification module operable to quantify ratings based at least in part 
on financial data. 

60-63. (Cancelled) 

64. (Original) The system of claim 57 further comprising a data 
validation module operationally connected to the at least one data store, the data 
validation module operable to validate ratings at least in part using historical 
data. 

65. (Original) The system of claim 57 further comprising a risk data 
quantification module operationally connected to the at least one data store, the 
risk data quantification module operable to quantify ratings based at least in part 
on financial data. 
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66. (Original) The system of claim 54 further comprising an operational 
interface to a risk meta-modeling system. 

67. (Original) The system of claim 58 further comprising an operational 
interface to a risk meta-modeling system. 

68. (Original) The system of claim 59 further comprising an operational 
interface to a risk meta-modeling system. 

69-70. (Cancelled) 

71 . (Original) The system of claim 54 further comprising a stability 
analysis module operationally connected to the at least one calculation module to 
determine a stability ratio, wherein the stability ratio represents a comparison of 
one of a number of priority risk items and a number of non-priority risk items to a 
total number of risk items. 



Allowable Subject Matter 

3. Claims 1 -2, 5, 9-1 0, 1 3, 1 7-1 8, 21-24, 27,31 -32, 35, 39-40, 43-54, 57-59, 
64-68 and 71 are allowed. 
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Reasons for Allowance 

4. The following is an Examiner's statement of reasons for the indication of 
allowable subject matter: 

The closest prior art is to Chakib Kara-Zaitri et al "Chakib" (A Smart 
Failure Mode and Effect Analysis Package) in view of Moore et al (US 
20040059589). The combination references of Chakib and Moore et fails to 
teach the ratings comprising a severity rating and a response rating associated 
with each of the at least one effect, an occurrence rating and a detection rating 
associated with each of the at least one cause, wherein the acquiring, permuting 
and producing steps are performed by a computer, wherein the producing of the 
risk prioritization report comprises calculating a criticality based on the severity 
rating and the occurrence rating, calculating a risk priority number based on the 
severity rating, the occurrence rating and the detection rating, calculating an 
adjusted criticality based on the criticality, the severity rating, and the response 
rating, wherein the calculating steps are performed by a computer, taken in 
combination with a method of managing operational risk for an organization, as 
recited in independent claim 1. 

The closest prior art is to Chakib Kara-Zaitri et al "Chakib" (A Smart 
Failure Mode and Effect Analysis Package) in view of Moore et al (US 
20040059589). The combination references of Chakib and Moore et fails to 
teach a severity rating and a response rating associated with each of the at least 
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one effect, an occurrence rating and a detection rating associated with each of 
the at least one cause, wherein the instructions for producing the risk 
prioritization report comprises instructions for calculating a criticality based on the 
severity rating and the occurrence rating, instructions for calculating a risk priority 
number based on the severity rating, the occurrence rating and the detection 
rating, instructions for calculating an adjusted criticality based on the criticality, 
the severity rating, and the response rating, taken in combination with a 
computer program product comprising a computer readable medium with a 
computer program embodied therein for facilitating risk assessment and control 
for an organization, as recited in independent claim 23. 

The closest prior art is to Chakib Kara-Zaitri et al "Chakib" (A Smart 
Failure Mode and Effect Analysis Package) in view of Moore et al (US 
20040059589). The combination references of Chakib and Moore et fails to 
teach a severity rating and a response rating associated with each of the at least 
one effect, an occurrence rating and a detection rating associated with each of 
the at least one cause, wherein the means for producing the risk prioritization 
report comprises means for calculating a criticality based on the severity rating 
and the occurrence rating, means for calculating a risk priority number based on 
the severity rating, the occurrence rating and the detection rating, means for 
calculating an adjusted criticality based on the criticality, the severity rating, and 
the response rating , taken in combination with an apparatus for facilitating risk 
management for an organization, as recited in independent claim 45. 
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The closest prior art is to Chakib Kara-Zaitri et al "Chakib" (A Smart 
Failure Mode and Effect Analysis Package) in view of Moore et al (US 
20040059589). The combination references of Chakib and Moore et fails to 
teach wherein the ratings comprise a severity rating and a response rating 
associated with each effect, an occurrence rating and a detection rating 
associated with each cause, wherein the at least one calculation module is 
operable to calculate a criticality based on the severity rating and the occurrence 
rating, a risk priority number based on the severity rating, the occurrence rating 
and the detection rating, and an adjusted criticality based on the criticality, the 
severity rating, and the response rating taken in combination with a system for 
facilitating risk assessment and control for an organization, as recited in 
independent claim 54. 

Any comments considered necessary by applicant must be submitted no 
later than the payment of the issue fee and, to avoid processing delays, should 
preferably accompany the issue fee. Such submissions should be clearly labeled 
"Comments on Statement of Reasons for Allowance." 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Chang et al (Failure mode and effects analysis using grey theory) 
discloses a method for determining a risk priority number by applying the theory 
to the failure mode and effects analysis. 
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b. Feather et al (Combining the Best Attributes of Qualitative and 
Quantitative Risk Management Tool Support) discloses a risk management 
system for determining risk relating to a project. 

c. Greenfield (Risk management tools) discloses a risk management 
system for calculating failure mode and effect analysis of risks, and calculating a 
severity for each failure. 

d. Alexander Carol (Bayesian Methods for Measuring Operational 
Risk Discussion Papers in Finance 2000-02, ISMA Centre) discloses a method 
for measuring and analyzing operational risks, such as transaction processing 
risk and human risks. 

e. Schaf et al (US Patent No. 7,409,357) discloses a method for 
measuring risk comprising the calculation of a number of losses per period in a 
unit conditional on the value of one or several risk ratings for a unit. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Romain Jeanty whose telephone number is 
(571) 272-6732. The examiner can normally be reached on Mon-Thurs 7:30 am 
to 6:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Bradley Bayat can be reached on (571) 272-6704. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 

/Romain Jeanty/ 
Primary Examiner 
Art Unit 3624 
June 22, 2009 



